Back in December, documents revealed the NSA had been using Google’s ad-tracking cookies to follow browsers across the web, effectively coopting ad networks into surveillance networks. A new paper from computer scientists at Princeton breaks down exactly how easy it is, even without the resources and access of the NSA.
Source: How advertising cookies let observers follow you across the web
More surveilance whakery. Gotta thank the republicans and democrats for taking away our privacy.
The second image is terrific!
The border agency says that in 2012, only 25 of its 19,000 requests were refused by the telecoms, and only 13 customers were notified that the government had sought their records. Aspects of the handovers seem to happen automatically – with the telecoms typically charging only $1 to $3 for a “BSI” request and the answers usually coming back within three business days.
Every other federal investigative agency says it cannot or will not publicly provide such precise details of their relationships with the telecoms.
…
In this context, the CBSA disclosure is important and unprecedented, say digital privacy experts, who argue that the agency’s numbers suggest many more exchanges are occurring between the telecoms and other government agencies as well.
“It makes me wonder what other structures and costs are in place,” said Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab. He pointed out that the Mounties and Canada’s intelligence agencies failed to release data.
Though CBSA is being pilloried at the moment for the number of times that it accessed telecommunications data (18,849 times in 2012), the agency should be congratulated as comprehensively responding to MP Borg’s questions. Only the Transportation Safety Board provided a comparable degree of accountability to the Parliamentarian. While I’d like CBSA to go further – we shouldn’t depend on a Parliamentarian’s curiosity to learn about state surveillance practices – the agency has, ultimately, created the model that other federal institutions ought to be forced to follow.
Source: Border agency asked for Canadians’ telecom info 18,849 times in one year
…Justice Canada says the proposed legal shield against liability offers nothing new. “This protection already existed under the jurisprudence,” said spokeswoman Carole Saindon in an e-mail responding to Globe questions. She added that the “language in the bill is not a substantive change.”
Privacy advocates are not reassured by any of this.
The “unaccountability is absolutely unacceptable,” blogged Chris Parsons, a researcher for the University of Toronto Citizen Lab on Thursday. “And it’s made worse by the fact that the currently proposed lawful-access legislation, C–13, would indemnify [Internet Service Providers] for sharing even more information with state authorities while not requiring these authorities to report on how often, and to what extent, they ‘request’ such information.”
Needless to say, I fundamentally disagree with Justice Canada’s position that they sufficiently account for federal agencies’ surveillance programs. And if the liability shield that is being introduced in C-13 isn’t needed and the language not a substantive change then the government should be happy to remove it when the lawful access bill goes to committee.
I’ve been busy parsing a nice hefty government document that documents a lot of federal agencies’ surveillance practices the past few days, and my post on “Accountability and Government Surveillance” is the result. It’s admittedly long but is fairly interesting. Go read!
The report repeatedly emphasizes that the protests had been peaceful, but considers possible triggers for escalation. The sections of the documents that actually deal with what evidence the government had that the protests might have taken a violent turn, and what it would have done if that had happened, were not disclosed.
…
The report repeatedly emphasizes that the protests had been peaceful, but considers possible triggers for escalation. The sections of the documents that actually deal with what evidence the government had that the protests might have taken a violent turn, and what it would have done if that had happened, were not disclosed.
Given CSIS’s ongoing efforts to monitor for threats against national oil interests and other resource extraction companies and associated policies, it’s not necessarily a surprise that the security agency was focusing in on Idle No More. Native land is, after all, required to effectively mobilize resources across Canada.
This said, Canadians generally should be mindful that our security agency was “planning for every eventuality, concerned by the decentralized, leaderless nature of the protests and the multiple motivations and influences that drove them.“ Mindfulness is needed for two reasons: first, because CSIS’s concerns will likely lead to enhanced attempts to map communications patterns to divine ‘leaders’ and ‘centralization’ within activist groupings. Second, because CSIS’s activities are known to include stretching or breaking the law by lying to federal justices. CSIS’s targeting of Aboriginal groups shouldn’t be ignored by other Canadian citizens as not ultimately affecting them as well.
What might be most damaging about CSIS’s actions is how they will (continue to) damage relations between Canada and the Aboriginal people’s. Rather than trying to find a way of working with Canada’s native peoples the Canadian government has again classified them as prospective threats: that’s not how you develop a trusted negotiating relationship, let alone try to heal age-old wounds. And no matter how much surveillance CSIS engages in they can’t guard every mile of roads or pipelines that are used in extracting and transporting Canada’s natural resources.
I’ve just put up a longish thought piece on how Canadian telecommunications companies can practically move to improve the transparency of their corporate practices. Sometime in the next few weeks I intend on writing up how governments can develop accountability reports, and the importance in distinguishing between corporate transparency and government accountability as it relates to state surveillance.
From the Globe and Mail:
Canadians have “no way of knowing for certain the number, scale, frequency of, or reasons for, such disclosures, although we understand that they are substantial.”
…
The companies that responded to Citizen Labber Christopher Parsons included Bell, Rogers, Shaw, Telus, Videotron, Cogeco, Eastlink, MTS Allstream and Distributel, with the general sentiment that the privacy of their customers is of great concern. But their responses were short on details, instead citing vagaries about legal restrictions and national security, and in some cases shifting the onus on transparency to the government instead.
According to David Fraser, a Canadian privacy lawyer and partner with the firm of McInnes Cooper, “They’re able to provide a whole lot more information than they actually are.”
Further pressure on the companies to make it clearer just how, why, and how often they share information with state agencies.
The ability to draw similarly revealing information about Canadians’ lives is just as possible, said Christopher Parsons, a post-doctoral fellow specializing in privacy and surveillance issues at the Citizen Lab at Toronto’s Munk School of Global Affairs.
The debate over the secret interception of digital, transactional records from smartphones and mobile devices, including their locations, numbers called, duration and Internet sites browsed, extends beyond the claimed security intelligence needs of the CSE and the massive, bulk metadata collection practised by the NSA.
Parsons believes some Canadian telecommunications companies could use metadata to deliver advertising and sell consumer intelligence to marketers. “Canadian companies do recognize this kind of data as a place to make money,” he said. “There is clear value in it.”
Sensitive personal information revealed in smartphone metadata, study finds
At its core, respecting the user means that, when designing or deploying an information system, the individual’s privacy rights and interests are accommodated right from the outset. User-centricity means putting the interests, needs, and expectations of people first, not those of the organization or its staff. This is key to delivering the next generation of retail experience because empowering people to play active roles in the management of their personal data helps to mitigate abuses and misuses. To this end, Aislelabs provides an opt out site that allows individuals to choose not to have their retail traffic data included in any anonymous analytics.
Quotation from “Building Privacy into Mobile Location Analytics (MLS) Through Privacy by Design” (.pdf)
It’s incredible that any company – let alone a Canadian Privacy Commissioner – would claim that an opt-out mechanism for hidden and secretive tracking technologies (i.e. monitoring your mobile devices as you walk through the world so retailers can better sell you things) constitutes “putting the interests, needs, and expectations of people first, not those of the organization or its staff.” For such an assertion to be valid the ‘people’ should be given the opportunity to opt-in, not out, of a surveillance system that few will know about and fewer will understand. There are vast bodies of academic and industry literatures which show opt-out mechanisms generally do not work; they’re not effectively centralized and they add considerable levels of friction that hinder consumers’ abilities to express their actual interests. And that’s just fine for many retailers and analytics companies because they’re concerned with turning people into walking piggy banks, not with thinking of individuals as deserving any semblance of a reasonable expectation of privacy.
Excited Pixels